
1441 matches found

Exploit DB
added 2004/03/12 12:0 a.m. · 36 views

Emumail EMU Webmail 5.2.7 - nit.emu Information Disclosure

source: https://www.securityfocus.com/bid/9861/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script,...

7.4 AI score
Exploits 0

Exploit DB
added 2003/07/25 12:0 a.m. · 38 views

Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow

include include include include include include pragma commentlib,"ws232" unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,...

7.4 AI score
Exploits 0

Packet Storm
added 2003/07/15 12:0 a.m. · 25 views

Netsuite121.txt

Moby's Netsuite 1.21 Traversal Directory bugs
Release Date: 13 July, 2003
Description: NetSuite is a freeware server suite that allows anyone with a static IP address the ability to run their own mail and web services. Note that you cannot reasonably run a web server from a normal dial-in account...

7.4 AI score
Exploits 0

Exploit DB
added 2003/05/27 12:0 a.m. · 27 views

Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/7710/info
Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...

7 AI score
Exploits 0

securityvulns
added 2003/04/23 12:0 a.m. · 38 views

AN HTTPd Sample Script File Truncation

Product Description: AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...

6.9 AI score
Exploits 0

Tenable Nessus
added 2003/02/12 12:0 a.m. · 27 views

Stronghold swish Search Script Information Disclosure

An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path. A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the...

5.6 AI score
Exploits 0

NVD
added 2002/12/31 5:0 a.m. · 20 views

CVE-2002-1634

Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl...

5 CVSS · 6.2 AI score · 0.16969 EPSS
Exploits 1 · References 16

Positive Technologies
added 2002/12/31 12:0 a.m. · 3 views

PT-2002-2467 · Microsoft · IIS

Name of the Vulnerable Software and Affected Versions: Microsoft IIS version 5.0
Description: The issue is related to an off-by-one error in the CodeBrws.asp sample script. This error allows remote attackers to view the source code for files with extensions containing one additional character aft...

7.5 CVSS · 6.7 AI score · 0.17663 EPSS
Exploits 0 · References 6

Packet Storm
added 2002/08/29 12:0 a.m. · 29 views

omnihttpd.txt

A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...

7.4 AI score
Exploits 0

Exploit DB
added 2002/08/26 12:0 a.m. · 15 views

OmniHTTPd 1.1/2.0.x/2.4 - test.shtml Sample Application Cross-Site Scripting

source: https://www.securityfocus.com/bid/5568/info
Cross-site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal cookies or perform other web-base...

7.4 AI score
Exploits 0

Exploit DB
added 2002/08/26 12:0 a.m. · 24 views

OmniHTTPd 1.1/2.0.x/2.4 - 'test.php' Sample Application Cross-Site Scripting

source: https://www.securityfocus.com/bid/5568/info
Cross-site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal cookies or perform other web-base...

7.4 AI score
Exploits 0

NVD
added 2002/08/12 4:0 a.m. · 12 views

CVE-2002-0793

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility...

5.5 CVSS · 5.8 AI score · 0.01343 EPSS
Exploits 1 · References 9

Cvelist
added 2002/07/26 4:0 a.m. · 14 views

CVE-2002-0793

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility...

5.8 AI score · 0.01343 EPSS
Exploits 1 · References 9

CERT
added 2002/06/11 12:0 a.m. · 17 views

Apache Tomcat default installation contains sample applications that disclose webroot path

Overview: There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration.
Description: There are several sample...

7.1 AI score
Exploits 0 · References 6

CERT
added 2002/06/11 12:0 a.m. · 15 views

Novell NetWare default installation contains sample files that disclose sensitive server information

Overview: Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the...

7.2 AI score
Exploits 0 · References 3

Tenable Nessus
added 2002/06/05 12:0 a.m. · 36 views

JRun Multiple Sample Files Remote Information Disclosure

This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as...

6.4 CVSS · 5.6 AI score · 0.02512 EPSS
Exploits 0 · References 3

Exploit DB
added 2002/05/29 12:0 a.m. · 27 views

Netscape Enterprise Web Server for Netware 4/5 5.0 - Information Disclosure

source: https://www.securityfocus.com/bid/4874/info
It has been reported that Netscape Enterprise Web Server may disclose path and system information to a remote user. Netscape Enterprise Web Server for Netware contains several sample files which leak system information, this information can be...

7.4 AI score
Exploits 0

Tenable Nessus
added 2002/05/22 12:0 a.m. · 196 views

Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks. %NASLMINLEVEL 70300 This script was written by Matt Moore See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title...

5.4 AI score
Exploits 0

CERT
added 2002/02/27 12:0 a.m. · 11 views

Multiple Oracle 9iAS sample pages contain vulnerabilities

Overview: Oracle Application Server version 9iAS installs with sample pages that demonstrate various functions of the software. Many of these pages can be used by attackers to breach the security of the system.
Description: A fresh installation of Oracle Application Server version 9iAS and possibly...

6.7 AI score
Exploits 0 · References 2

Tenable Nessus
added 2002/01/25 12:0 a.m. · 239 views

FastCGI Multiple Sample CGI XSS

Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...

5.5 AI score
Exploits 0